/**
 * Copyright 2008-2009 HAN.BIFANG
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 */
package han.bifang.web.servlet;

import han.bifang.common.exception.BifangErrorCode;
import han.bifang.common.exception.BifangException;
import han.bifang.web.access.AccessHelper;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import v1.security.web.bifang.han.SecurityRequestDocument;
import v1.security.web.bifang.han.SecurityResponseDocument;

/**
 * Servlet implementation class for Servlet: AccessServlet
 * 
 */
public class AccessServlet extends javax.servlet.http.HttpServlet implements
		javax.servlet.Servlet {
	static final long serialVersionUID = 1L;

	/*
	 * (non-Java-doc)
	 * 
	 * @see javax.servlet.http.HttpServlet#HttpServlet()
	 */
	public AccessServlet() {
		super();
	}

	/*
	 * (non-Java-doc)
	 * 
	 * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest request,
	 *      HttpServletResponse response)
	 */
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		SecurityResponseDocument ret = SecurityResponseDocument.Factory
				.newInstance();
		ret.addNewSecurityResponse();
		try {
			String xml = ServletReqResHeler.getRequestString(request);
			SecurityRequestDocument doc = SecurityRequestDocument.Factory
					.parse(xml);
			if (!doc.validate()) {
				throw new BifangException(
						BifangErrorCode.REQUEST_XML_FORMAT_ERROR,
						"request xml format error");
			}
			
			boolean valid = AccessHelper.checkUser(doc.getSecurityRequest()
					.getAuthenticateRequest());
			if (valid) {
				valid = AccessHelper.checkPermission(doc.getSecurityRequest()
						.getAuthenticateRequest().getUserPassword().getUser(), doc.getSecurityRequest().getServiceCode());
			}
			ret.addNewSecurityResponse().setResult(valid);
		} catch (BifangException e) {
			Log logger = LogFactory.getLog(AccessServlet.class);
			logger.error("AccessServlet.doPost()", e);
			ret.addNewSecurityResponse().addNewError()
					.setErrorCode(e.getCode());
			ret.getSecurityResponse().getError().setErrorMsg(e.getMsg());
		} catch (Exception e) {
			Log logger = LogFactory.getLog(AccessServlet.class);
			logger.error("AccessServlet.doPost()", e);
			ret.addNewSecurityResponse().addNewError().setErrorCode(
					BifangErrorCode.UNKNOWN_ERROR);
			ret.getSecurityResponse().getError().setErrorMsg(
					"error : " + e.getMessage());
		}

		ServletReqResHeler.setResponseString(response, ret.toString());
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see javax.servlet.GenericServlet#init()
	 */
	public void init() throws ServletException {
		// TODO Auto-generated method stub
		super.init();
	}
}